Re: [Full-disclosure] noise about full-width encoding bypass?

From: ascii <ascii_at_nospam>
Date: Mon May 21 2007 - 21:01:26 GMT
To: Brian Eaton <eaton.lists@gmail.com>

Brian Eaton wrote:
> To summarize what I've heard from various sources: I am missing
> something important. =) Both PHP and ASP.NET will decode these
> characters into their ASCII equivalents.

(AFAIK) Only ASP.NET/IIS decodes that automatically.

PHP *can* do that as like JSP and probably others but that has to happen explicitly in the application code or on an other layer.

Regards,
Francesco `ascii` Ongaro
http://www.ush.it/

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

This message: [ Message body ]
Next message: Brian Eaton: "Re: [Full-disclosure] noise about full-width encoding bypass?"
Previous message: Brian Eaton: "Re: [Full-disclosure] noise about full-width encoding bypass?"
In reply to: Brian Eaton: "Re: [Full-disclosure] noise about full-width encoding bypass?"
Next in thread: Brian Eaton: "Re: [Full-disclosure] noise about full-width encoding bypass?"
Reply: Brian Eaton: "Re: [Full-disclosure] noise about full-width encoding bypass?"
Reply: Chris Weber: "Re: [Full-disclosure] [WEB SECURITY] Re: noise about full-width encoding bypass?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]